Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.4.5 Administration Guide
    7.4.5
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Slack Notification action

    Slack Notification action

    To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

    This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

    To create an Incoming Webhook in Slack:

    1. Go to the Slack website, and create a workspace.

    2. Create a Slack application for the workspace.

    3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).

    4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

    To configure an automation stitch with Slack Notification actions in the GUI:

    1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

    2. Enter the stitch name.

    3. Configure the Security Rating Summary trigger:

      1. Click Add Trigger.

      2. Click Create and select Security Rating Summary.

      3. Name

        auto-rating

        Report

        Security Posture

        Enter the following:

      4. Click OK.

      5. Select the trigger in the list and click Apply.

    4. Configure the first Slack Notification action:

      1. Click Add Action.

      2. Click Create and select Slack Notification.

      3. Enter the following:

        Name

        slack1

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        This is test for slack notification.

      4. Click OK.

      5. Select the action in the list and click Apply.

    5. Configure the second Slack Notification action:

      1. Click Add Action.

      2. Click Create and select Slack Notification.

      3. Enter the following:

        Name

        slack2

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        %%log%%

      4. Click OK.

      5. Select the action in the list and click Apply.

      6. Click the Add delay located between both actions. Enter 90 and click OK.

    6. Click OK.

    7. Trigger the automation stitch:

      1. Right-click the automation stitch and select Test Automation Stitch.

        After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiProxy. The two notifications are sent to the Slack channel.

    To configure an automation stitch with Slack Notification actions in the CLI:

    1. Configure the automation trigger: 

      config system automation-trigger
    edit "auto-rating"
        set event-type security-rating-summary
    next
end

    2. Configure the automation actions: 

      config system automation-action
    edit "slack1"
        set action-type slack-notification
        set message "This is test for slack notification."
        set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
    next
    edit "slack2"
        set action-type slack-notification
        set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
    next
end

    3. Configure the automation stitch: 

      config system automation-stitch
    edit "auto_rating"
        set trigger "auto-rating"
        config actions
            edit 1
                set action "slack1"
                set required enable
            next
            edit 2
                set action "slack2"
                set delay 90
                set required enable
            next
        end
    next
end

    4. Verify that the automation action was triggered:

      # diagnose test application autod 3
stitch: auto-rating 
    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Tue Sep 13 11:34:56 2022
    last relay:
    actions:
        slack1:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Tue Sep 13 11:34:56 2022
            last relay:
        slack2:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Tue Sep 13 11:34:56 2022
            last relay:
    Previous
    Next

    Slack Notification action

    Slack Notification action

    To configure an automation stitch with a Slack Notification action, you first need to configure an incoming webhook in Slack. Then you can enter the webhook URL when you configure the Slack Notification action.

    This example uses a Security Rating Summary trigger in the automation stitch with two Slack Notification actions with different notification messages. One message is a custom message, and the other is for the Security Rating Summary log with a 90 second delay.

    To create an Incoming Webhook in Slack:

    1. Go to the Slack website, and create a workspace.

    2. Create a Slack application for the workspace.

    3. Add an Incoming Webhook to a channel in the workspace (see Sending messages using Incoming Webhooks for more details).

    4. Activate the Incoming Webhook, and copy the Webhook URL to the clipboard.

    To configure an automation stitch with Slack Notification actions in the GUI:

    1. Go to Security Fabric > Automation, select the Stitch tab, and click Create New.

    2. Enter the stitch name.

    3. Configure the Security Rating Summary trigger:

      1. Click Add Trigger.

      2. Click Create and select Security Rating Summary.

      3. Name

        auto-rating

        Report

        Security Posture

        Enter the following:

      4. Click OK.

      5. Select the trigger in the list and click Apply.

    4. Configure the first Slack Notification action:

      1. Click Add Action.

      2. Click Create and select Slack Notification.

      3. Enter the following:

        Name

        slack1

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        This is test for slack notification.

      4. Click OK.

      5. Select the action in the list and click Apply.

    5. Configure the second Slack Notification action:

      1. Click Add Action.

      2. Click Create and select Slack Notification.

      3. Enter the following:

        Name

        slack2

        URL

        Paste the webhook URL from the clipboard

        Message

        Text

        Message text

        %%log%%

      4. Click OK.

      5. Select the action in the list and click Apply.

      6. Click the Add delay located between both actions. Enter 90 and click OK.

    6. Click OK.

    7. Trigger the automation stitch:

      1. Right-click the automation stitch and select Test Automation Stitch.

        After the Security Rating report is finished, the automation is triggered and an event log is created by the FortiProxy. The two notifications are sent to the Slack channel.

    To configure an automation stitch with Slack Notification actions in the CLI:

    1. Configure the automation trigger: 

      config system automation-trigger
    edit "auto-rating"
        set event-type security-rating-summary
    next
end

    2. Configure the automation actions: 

      config system automation-action
    edit "slack1"
        set action-type slack-notification
        set message "This is test for slack notification."
        set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
    next
    edit "slack2"
        set action-type slack-notification
        set uri "hooks.slack.com/services/xxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx"
    next
end

    3. Configure the automation stitch: 

      config system automation-stitch
    edit "auto_rating"
        set trigger "auto-rating"
        config actions
            edit 1
                set action "slack1"
                set required enable
            next
            edit 2
                set action "slack2"
                set delay 90
                set required enable
            next
        end
    next
end

    4. Verify that the automation action was triggered:

      # diagnose test application autod 3
stitch: auto-rating 
    local hit: 1 relayed to: 0 relayed from: 0
    last trigger:Tue Sep 13 11:34:56 2022
    last relay:
    actions:
        slack1:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Tue Sep 13 11:34:56 2022
            last relay:
        slack2:
            done: 1 relayed to: 0 relayed from: 0
            last trigger:Tue Sep 13 11:34:56 2022
            last relay:
    Previous
    Next